[Dshield] Is this some kind of washing hands or pointing fingers at innocent parties?

Lauro, John jlauro at umflint.edu
Thu Sep 12 11:57:55 GMT 2002


> > Almost all software vendors make vulnerable products.  *ix is no
> > better right out-of-the-box.
> 
> Agreed.  But, many *nix types have customized install procedures
> that secure the boxes as they are built.  Fortunately, more Windoze
> types (at least in the big business world) are building and using
> those custom install scripts.  The GUI-based installers present with
> Windoze and some of the newer Linux distros tend to encourage people
> to "take the defaults" - which is a Very Bad Thing.
> 
> Simply clicking OK isn't.

Have you actually tried anything recent?  I suggest you do an install
of RedHat 7.3, and you will be pleasantly surprised how secure by
default the install is.  They used to have everything enabled by
default (such as FTP, etc...), but not any more, even if you pick
server installation.  There is one place with a security slider, then
if you move from default to maximum you end up having to adjust the
filtering rules later to allow almost anything to talk to your box.  

They don't even start up telnet anymore by default.  (That's not
completely a good thing... sure telnet is vulnerable to local sniffing
attacks from source to destination, but ssh has had far more remote
exploits).

I'll agree that Windows XP has improved out-of-the-box compared to
2000.  However, IMHO *ix is still better right out-of-the-box.
